Extracted

• • Target

    004fec424e843ff98113f97bde2d6717f99975a2504ab3efa42c12474a62d828.elf

  • Size

    535KB

  • MD5

    22cd21f5cfc3ea409f3a05585d903949

  • SHA1

    d48c82b3ce4460930518a924a51bab5c496b38b0

  • SHA256

    004fec424e843ff98113f97bde2d6717f99975a2504ab3efa42c12474a62d828

  • SHA512

    3be30393b65e4c1279ea8f3e076c6538701eb178148a0d546a391ab9d0741c99deb707a1bc051fb5eec26b25877499a0069950dc8eb1302f598492ea070e1bf9

  • SSDEEP

    12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbz266ySjQn36Eojh:/fUywKQ7Fb1pNL/p52fjQn36Euh

  Score

  10^/10

  xorddosbotnetdiscoverydownloaderexecutionpersistenceprivilege_escalatiorootkit

  • XorDDoS

    Botnet and downloader malware targeting Linux-based operating systems and IoT devices.

    botnetdownloaderxorddos

  • XorDDoS payload

  • Xorddos family

    xorddos

  • Writes memory of remote process

  • Loads a kernel module

    Loads a Linux kernel module, potentially to achieve persistence

    rootkit

  • Creates/modifies Cron job

    Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    executionpersistenceprivilege_escalatio
  behavioral1